Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
-
Updated
Jun 12, 2024 - Go
Chainloop is an Open Source evidence store for your Software Supply Chain attestations, SBOMs, VEX, SARIF, CSAF files, QA reports, and more.
A Go implementation of in-toto. in-toto is a framework to protect software supply chain integrity.
Enabling Software Supply Chain Security Capabilities in ArgoCD
Github Action implementation of SLSA Provenance Generation
Prototype in-toto attestation verifier based on ITE-10 and ITE-11 layouts
Add a description, image, and links to the in-toto topic page so that developers can more easily learn about it.
To associate your repository with the in-toto topic, visit your repo's landing page and select "manage topics."